Applicants Response to Examiner's Comments 



Information Disclosure Statement 

Applicant requests that Examiner note the enclosed submission of Prior Art references. 

Applicant encloses Information Disclosure Statement PTO/SB/08a with specific references to the 
U.S. Pat. Ser. No.'s 5,224,163; 5,649,099; 6,189,103; and 6,073,242 

Claim Objections 

Examiner raises objections to Claim 1 in that an indefinite article is missing for the 
element of "proxy" in the Claim. Applicant respectfully submits herein a currently amended 
claim 1 with the term proxy eliminated and that Examiner's objection is therefore moot. 

Claim Rejections - 35 USC § 112 

Claim 1 is rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for failing 
to particularly point out and distinctly Claim the subject matter which applicant regards as the 
invention. Claims 2-9 are further rejected by Examiner by virtue of their dependence on Claim 
2. 

Examiner rejects the recitation in Claim 1 as originally filed of "request for access is 
authorized by the proxy" as not being understandable. Examiner has treated this element of 
Claim 1 as originally filed to intend a meaning of "the proxy is used to authorize a request for 
access". 

Applicant responds that Claim 1 as currently amended no longer recites a request for 
access by a proxy and as currently amended and submitted. Applicant prays that Examiner 
review Applicant's arguments provided below regarding Claim rejections under 35 USC § 102 
and under 35 USC § 103 that discuss the content and meaning of the Claims as currently 
amended, and address the requirements of 35 USC § 102 and the second paragraph therein. 



Claim Rejections - 35 USC § 102 
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Examiner rejects Claims 1-2 and 4-8 under 35 U.S.C. 102(b) as being anticipated by 
Feghhi et al as cited Examiner. Examiner notes that Feghi et al. disclose a certificate that 
comprise a subject, issuer and validity period. Examiner further notes that Feghhi et al. disclose 
a Web server that (1.) asks a client to submit its certificate when the client accesses a page, (2.) 
authenticates the client, and (3.) make the certificate available to the requested page. Examiner 
holds that Feghhi et al. teach that the page then uses the certificate to determine access privileges 
and uses a Netscape software to implement an authentication of the certificate. Examiner recites 
from Feghhi et al.'s writing on page 170 therein that "if a resource requires client certificate 
authorization for access control, the first time a user accesses the resource he must enter his user 
name and password to establish his identity. Netscape than maps the user's certificate to his user 
name and password. After the mapping is established, the user can seamlessly accesses [sic] a 
restricted resource without ever needing to provide his login and password. The server uses the 
client certificate to search the user LDAP database for the user's entry. If the entry is found, the 
server compares the certificate received against the certificate in the directory." 

Examiner argues that Feghhi et al. as cited above reads on the creation of a proxy 
identifying the grantor, a submittal by the grantee of a request for access to a resource repository, 
where the request for access is authorized by the proxy, validation by the resource repository for 
access as authorized by the proxy, permitting access as requested by the request for access, 
electronic data interchange messages, formatted digital messages and a provision of the proxy to 
the resource repository. Examiner further mainitains that the limitations of Claims 2, 4 and 7 are 
inherent and cites Fig 3.2, page 67 of Feghhi et al. 

Examiner respectfully draws Examiner's attention to the attached Figure A of this 
communication, wherein the method of Fegghi et al. is described in a flowchart. As illustrated in 
the flowchart, the technique taught by Feghhi et al. involves two entities wherein a client 
accesses a resource by providing a certificate to a webserver, and the webserver subsequently 
(when the certificate is validated) maps a user's name and password to the certificate and permits 
future access to any future requestor providing the name and password to the resource privileges 
designated in the certificate. The technique of Feghhi et al. merely expedites the process of 
enabling the client to exercise full privileges of a single certificate, where the single certificate is 
associated only with access permission's allowed to the client. 
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Examiner's attention is respectfully drawn to Figure B of this communication, wherein an 
embodiment of the Method of the Present Invention is described in a flowchart. In contrast with 
Fegghi et al, Claim 1 enables a stateless transaction as described in Figure B wherein a third 
party (the grantee) may prepare an electronic message that includes a permission granted by the 
grantor to a subset of the grantor's range of permissions regarding an identified resource of the 
resource repository. The Method of the Present Invention as enabled by the method described in 
Claim 1 as currently amended thereby allows the issuance of a grantor credential that enables the 
grantor to directly access at least one resource of the resource repository, while additionally 
enabling the grantor to, in a single communication to a third party grantee, to proceed on as the 
instant third party elects to access one or more resources within a range of permission specified 
in the single communication. The range of permission endowed by the grantor to the grantee 
must be authorized within the allowed access privileges specified in the grantor credential. The 
Method of the Present Invention thereby allows a grantor to generate constrained permissions to 
the grantee that do not go beyond the permissions authorized to the grantor. Finely grained 
delegation of access privileges by the grantor are thereby enabled by the Method of the Invention 
as claimed in Claims 1-5, 7, 8 and 10 The grantor is thereby relieved of a burden of responding 
to informational requests from the grantee regarding the status of the one or more resources of 
the resource repository, and the grantee is allowed the freedom to initiate stateless transactions 
with the resource repository without further mediation by the grantor after receipt by the grantee 
of the single grantor-to-grantee communication issued by the grantor. In the Method of the 
Present Invention, again in contrast to Fegghi et al., the grantor may issue permissions to 
numerous grantees by means of individual grantee credentials that clearly and uniquely restrict 
the access of each grantee to one or more resources. The resulting enablement of the grantees to 
information harvested from one or more resources by means of stateless transaction, while 
reducing the communications burdened placed on the grantor by the grantees is neither disclosed 
nor anticipated by Fegghi et al.. 

Applicant respectfully submits that Claims 2-5, 7, 8 and 10 are dependent from Claim 1 
and are therefore allowable. 
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Claim Rejections - 35 USC § 103 

Examiner rejects Claims 3, 9 and 10 under 35 U.S.C. 103 (a) being upatentable and 
obvious. In particular, Examiner rejects Claim 10 on the grounds that Feghhi et al. teach of 
certificate revocation. Examiner asserts that revoking a scope of grant of a previously issued 
grantor would therefore be obvious in light of Feghhi et al. Applicant responds that Claim 3 is 
dependent from Claim 1, and as currently amended herein describes a revocation of a grantee's 
credential that is used by a grantee to avail the grantee of a subset of the grantor's access to a 
resource. Applicant responds that Claim 3 depends from Claim 1, and the revocation of a 
credential as an element added to a Claim dependent from an allowable independent Claim 
results in allowability of the Claim specifying a credential revocation element or limitation. 

In reference to rejecting Claim 9 for obviousness, Examiner offers an Official Notice that 
it is old and well known practice in the art to use registries to validate proxies. Applicant 
responds that Claim 9 is withdrawn and that Examiner's rejection is therefore moot. 

In reference to rejecting Claim 3 for obviousness, Examiner cites a CNN disclosure that 
teaches using XML documents. Examiner admits that Feghhi et al. does not teach of using XML 
documents. Examiner maintains, however, that one of ordinary skill in the art would have been 
motivated to use XML documents as per CNN to make digital signatures universally accessible a 
required by Feghhi et al.. Applicant responds that Claim 10 depends from Claim 1, and the use 
of an XML document added as an element added to a Claim dependent from an allowable 
independent Claim results in allowability of the Claim specifying and XML element or 
limitation. 

Applicant respectfully submits that Claims 3 and 10 are dependent from Claim 1 and are 
therefore allowable. 

Applicant respectfully submits that Examiner's Claim objections have been satisfied and 
Claim rejections have been traversed by the Claims as cuurently amended, and further that the 
Claims as currently amended are allowable. 

If any matters can be resolved by telephone, Applicant requests that the Patent and 
Trademark Office call the Applicant at the telephone number listed below. 
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Patrick Reilly 
Attorney-at-Law 
Box 7218 

Santa Cruz, CA 95061-7218 
(831)332-7127 



Respectfully submitted, 
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